If you have landed here because a virus called .Mole File Virus has recently encrypted a number of your most valuable files and is now seeking to blackmail you for money, stick around – you’ve come to the right place. .Mole File Virus belongs to the malware family known as ransomware, so called because after it encrypts the victim’s data, it demands a ransom payment in exchange for the ‘release’ of the blocked data.
Part of the reason why this particular malware category is so problematic is that it oftentimes uses extremely sophisticated encryption algorithms, which prove impossible to breach, unless you’re in possession of a decryption key. And that decryption key is exactly what the criminals behind ransomware request the ransom payment for. But not to worry, as below is a removal guide that will walk you through the process of locating and removing .Mole File Virus from your system. In addition, you will also find instructions which may or may not help you restore the encrypted files on your machine, but are worth giving a try nonetheless.
How did the ransomware end up in my system? How does it work?
We’ll start with the second question. Ransomware like .Mole File Virus typically accesses the victim computer by stealth and remains hidden until it’s finished encrypting its targeted files. Once this is done, it displays a ransom note on the user’s screen, informing them of the malicious process that has just taken place and of the ransom demands. Hackers tend to use various scare tactics, like including deadlines, in order to pressure the users into paying without allowing them time for thought. But before this happens, the virus first makes a list of the files it’s after, following which it begins to create encrypted copies. As this happens, the originals are deleted and the victim is eventually left with the inaccessible encrypted copies. It is possible, though rare, to intercept the infection by remaining observant and noticing peculiar behavior, like PC slowdowns and RAM and CPU usage spikes in your Task Manager.
More importantly, however, you may be wondering how you got infected and how you could potentially get infected again in the future. Well, there are several possibilities, the most common of which tend to be malvertisements and spam emails. In the case of the former, hackers inject seemingly harmless online ads with the malicious script of the virus and wait until some unsuspecting user clicks on one. That way the user automatically downloads the ransomware onto their machine, where it immediately gets to work. And note that all of this will occur without the slightest indication. Spam emails are often the weapon of choice and, surprisingly, even though we all hear about them and ought to know better than to fall into their trap, they appear to still be very successful in distributing all sorts of malware. Be sure to watch out for suspicious incoming correspondence, even if it’s from someone in your contacts list. Keep an eye out for attachments and hyperlinks, and do not by any means open any of those unless you are positive that you can trust the source. Hackers can be very sophisticated and will go to great lengths to make their emails look believable.
How to prevent future infections
We already mentioned the primary sources of ransomware like .Mole File Virus. It’s up to you to do all you can to avoid them. Try to stay away from fishy sites and illegal or semi-legal download platforms, because those can often, in fact, be a cesspool of viruses. In addition, you would do well to keep all programs on your computer, including its OS, up to date, as failing to do so can leave vulnerabilities which viruses can exploit in order to enter your system. Be sure to also have a reliable antivirus or anti-malware tool, as these have a high chance of protecting you against other viruses that ransomware may use as a backdoor, such as Trojans. In addition, we highly recommend that you make backups of all your most important data and keep them on a separate drive. Even keeping them in the cloud could potentially save them in case of an attack, though a separate drive is foolproof in these cases. That way you will essentially rob the virus of its ability to blackmail you, because you will have existing copies of the very data it’s trying to extort money for.
.Mole File Virus Removal
Prior to starting to execute the steps from the guide, we advise you to either bookmark this page or open it on a separate device since throughout the process of completing the guide, you might need to exit your browser.
1: Using Safe Mode
Before beginning to troubleshoot the issue, you are advised to enter Safe Mode on your PC. If you do not know how to do that, use this guide on how to enter Safe Mode.
2: Spotting the process
Open your Task Manager using the Ctrl + Shift + Esc key combination. Next, go to the processes tab and carefully look through the list for any shady entries. Usually, malicious processes will be consuming large amounts of CPU and RAM and will either have no description or will have a suspicious-looking one.
Once you identify the virus’ process, right-click on it and select Open File Location. Delete everything in the folder that opens if you are sure that the process was malicious. If you are not sure, contact us in the comments.
Go back to the Task Manager and end the potentially harmful process.
3: Hosts file IPs
Go to your start menu and in the search field, paste the following address: notepad %windir%/system32/Drivers/etc/hosts. Select the first result and look at the bottom of the newly opened notepad file. See if there are any IPs below “Localhost” and tell us in the comments if there were any IP addresses.
4: System Configuration Startup Programs
Type System Configuration in the Windows search bar and open the first result. Go to the Startup tab and take a look at the list of startup programs (on Windows 10, the startup programs can be seen in the Startup section of the Task Manager). If any of them look shady or have an unknown manufacturer or a manufacturer with a sketchy name, uncheck those entries and click on OK.
Open the Run window (WinKey + R), type regedit and press Enter. Once the Registry Editor opens, press Ctrl + F and type the name of the virus. Select Find Next and delete whatever gets found that has the virus’ name. Do that with all search results.
6: Deleting potential virus files
Open the Start Menu and separately type each of the following locations: %AppData%, %LocalAppData%, %ProgramData%, %WinDir%, %Temp%. Open each of those folders and sort their contents by date. Delete the most recent files and folders. When you open the Temp folder, delete everything in it.
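The checks in steps 3, 4 and 6 can also be gathered in one read-only pass, so that you can review what is there before deleting anything. The PowerShell script below is an added example, not part of the original guide; it only lists items and removes nothing. It assumes Windows PowerShell 5.1, uses a hypothetical $Days look-back parameter, and leaves %WinDir% out of the file scan because searching it recursively takes a long time.

```powershell
# Added example: read-only triage for steps 3, 4 and 6. Nothing is deleted.
# $Days is an assumed look-back window; set it to cover the infection date.
param([int]$Days = 7)

# Step 3: active hosts entries. Only plain "localhost" lines are skipped, because
# a line mapping some other name to 127.0.0.1 is itself worth a look.
$hostsPath = Join-Path $env:windir 'System32\drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ } |
    ForEach-Object {
        $address, $names = $_ -split '\s+'
        [pscustomobject]@{ Address = $address; Names = $names -join ' ' }
    } |
    Where-Object { $_.Names -ne 'localhost' }

# Step 4: commands registered in the Run keys, machine-wide and per-user.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$autoruns = foreach ($key in $runKeys) {
    if (Test-Path -Path $key) {
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            [pscustomobject]@{ Key = $key; Name = $valueName; Command = $regKey.GetValue($valueName) }
        }
    }
}

# Step 6: recently written executables and scripts, with signature status and hash.
$cutoff = (Get-Date).AddDays(-$Days)
$extensions = '.exe', '.dll', '.scr', '.js', '.vbs', '.bat', '.cmd', '.ps1'
$roots = $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:TEMP
$recent = Get-ChildItem -LiteralPath $roots -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -ge $cutoff -and $_.Extension -in $extensions } |
    Sort-Object -Property FullName -Unique |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Modified  = $_.LastWriteTime
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
        }
    }

$hostsEntries | Format-Table -AutoSize
$autoruns     | Format-List
$recent       | Sort-Object Modified -Descending | Format-List
```

Entries whose Signature is not Valid and whose path also appears as a Run key command are the ones to examine first.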